[Lake] Re: Comments for remote attestation over EDHOC
Göran Selander <goran.selander@ericsson.com> Tue, 28 May 2024 10:03 UTC
From: Göran Selander <goran.selander@ericsson.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, "lake@ietf.org" <lake@ietf.org>
Date: Tue, 28 May 2024 10:03:09 +0000
Message-ID: <PAXPR07MB8844C8D57906ACCE0A8A5471F4F12@PAXPR07MB8844.eurprd07.prod.outlook.com>
References: <ae2173a6-cc15-44c9-aa14-f5e7ab625201@tu-dresden.de> <14134.1716600042@obiwan.sandelman.ca> <88819c94-9cbc-44c1-ab0f-9fe6e9ed1a8e@tu-dresden.de> <14114.1716820372@obiwan.sandelman.ca>
In-Reply-To: <14114.1716820372@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/Bb3eTcQxDA-F1AYJ0hZZy3p9wpQ>
Hi,

Here are some thoughts on this topic.

I think it would be good to be explicit about any assumptions about EDHOC roles vs. RATS architecture to simplify for the reader.

The draft intends to specify how to perform remote attestation as part of EDHOC. While EDHOC is designed with constrained nodes and networks in mind, it is not a priori clear which endpoint is constrained, if any. With this in mind I think the draft should consider all three cases: R attests I, I attests R, and I and R attest each other. Perhaps these are part of one common protocol, or perhaps some case is different.

Even if the onboarding example is an illustrative use case when remote attestation could be useful, the specification should not be restricted to this use case. Indeed, if the authentication procedure is repeated at a later stage, for whatever reason, e.g. key rotation, it should be possible to repeat the attestation procedure. Even if the code run during onboarding would be less tested than that used during normal operation, it may still be important to verify the state with respect to that code to be able to make some assessment about the device, for example that old versions are not used.

While the relationship and potential synergies with lake-authz could be elaborated, perhaps in an appendix, lake-authz is independent of remote attestation, and should IMHO not be a pre-requisite for this draft.

I don’t know if this helps. Perhaps others have more input?

Göran

From: Michael Richardson <mcr+ietf@sandelman.ca>
Date: Tuesday, 28 May 2024 at 10:23
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, lake@ietf.org <lake@ietf.org>
Subject: [Lake] Re: Comments for remote attestation over EDHOC

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> wrote:
>> > 1. /Clarify the EDHOC and RA combinations/: EDHOC has two participants
>> > (Initiator and Responder) and RATS architecture (RFC9334) defines three roles
>> > (Relying Party, Verifier and Attester). I think it is important to clarify
>> > which combinations are not possible or otherwise possible but not covered by
>> > the specs.
>>
>> I don't see the conflict.

> I never mentioned any "conflict", so I am not sure what you conceived as the
> "conflict." In my mind, it was about: Any and all combinations are *possible*

>> I don't expect two constrained devices to be able to perform remote
>> attestation on each other.

> The editor of the draft does! I also heard someone else mentioning this
> during the Hackathon.

Well, I don't see how a constrained device is going to be able to act as a Verifier. As a RP? Maybe.

>> But, even if they were CRAYs with the padded
>> seats, it still makes no-sense.

>> In the context of lake-authz, the Attester is the new device (U), the Verifier is
>> W (or its designate), and the Relying Party is V.

> The draft under discussion never makes a reference to lake-authz.

It should.

>> I have a half-written document on putting EAT into the full BRSKI protocol.
>> A reason that I stopped is that I realized that doing security posture
>> evaluation at onboarding time (only) wasn't enough. It has to be done
>> regularly. So having a protocol used at onboarding time and another one
>> during normal operation meant that the onboarding one would have bugs that
>> never get fixed, since the code only runs once.

> It seems very interesting. What kind of bugs? Can you give a few examples of
> the "bugs that never get fixed"? Which "code" exactly? Are you advocating
> that having attestation during secure channel establishment for IoT
> onboarding is useless?

Code that runs only once in a device's lifetime likely has bugs that nobody notices and never get fixed.

--
Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide